From nobody Tue Sep 5 14:55:24 2023 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Rg7ph5MJgz4rNvv; Tue, 5 Sep 2023 14:55:24 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Rg7ph3FHvz4MSx; Tue, 5 Sep 2023 14:55:24 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1693925724; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=t0n/lbtd9Ck3yNjLdgGfkhewBR9kIdC6fFC4JO1psPs=; b=ZrpR7aG/BOGCoX2URHJ5DFEtvc432q0PFNF2di8hmnMP5n4/EGgoknKebI66DrFYQhonMO X26wSlzfLB9/UXzuYFXM1iqTh/VWei2SQoPCEAwl8Cqsl+SmuewMD/7OxqT3kGcy94hr+1 QiF809O2PV/UdO1rwQR0Uf+Vl58/bFzP3Rxh6ZuC7X0zTyjvfNgw3YuRp0sPC/P1PUJqrh T8WHgjV3f0yOooYAjklXD53KRoWKeJWOqLh22+/UK/RQn1StIwaRA93JnO8m+OXEffEtQY R/jryfA8ZwEd2VZ3MOFh/4dkNXYkwuGrS9yoFueDetkoIddX729U8mZf9kmISQ== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1693925724; a=rsa-sha256; cv=none; b=L/9zj7dYzBnA1VmHMXtrdWKoN8ZT8kkW1gucRiGhWqbbNoUkrtxOiWxwpSLftlXQv22mMx Uu3ziBPcRMGQumrlu1W1OdfHGYyblaxora693CddqX8KQf2Yrcgo9F5BIdQ8842hadIIJo xRhqHR7aEH9mUTLhvcxeFxx0flTwjwjtOEPpWc3nVim8FMF9G4y95TSvhrgQ3MIjEeL5gj EIOVM8pCJD9h8Wgk3u55YP7M3nU4FKYX6FAU0OCpeta1g1WxInW/A9DKSzOkK4BzWfItma Dh/E3e+32mnNcPc01c3uAtJQqCW/xO072cA1a+lv75q7J+8nSHghb5a58CcFgw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1693925724; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=t0n/lbtd9Ck3yNjLdgGfkhewBR9kIdC6fFC4JO1psPs=; b=u/aaC9fOZGmJnhXsGbxyYbQe1xa4fSY5k4nvC7gniILLRQvbIXXR/BRN+m3TbP8NbGQL/m DfXAZsZ2P4ki5GuvxAhRXB5wN4X9SyTRmbZdWNDofpt6zS1LVtff6whfrwmnrygFhc9TSj wOK97+Isiabj3QI0Z8TvgXLaga1vQPcIfpLfa5crNNRNGtCQMiVI4UE0wpGvDUweVY6Fzr hnSNZIv7LHgAdLwDWiO8ERAGJD1YJMfU8Yfpj24usI3K/L8BGGLVxDNwqSnTnaH0W2qU5R dSax2wJ9DrwKLf765M1uw6aNlaCsvZn3+pK1NBOa2Io8oP86GBO3hH7FzwKiwQ== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4Rg7ph2M4Mzd9x; Tue, 5 Sep 2023 14:55:24 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.17.1/8.17.1) with ESMTP id 385EtOfZ026449; Tue, 5 Sep 2023 14:55:24 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.17.1/8.17.1/Submit) id 385EtOpw026446; Tue, 5 Sep 2023 14:55:24 GMT (envelope-from git) Date: Tue, 5 Sep 2023 14:55:24 GMT Message-Id: <202309051455.385EtOpw026446@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Kyle Evans Subject: git: 5829e12051e5 - stable/14 - caroot: update the root bundle List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-all@freebsd.org X-BeenThere: dev-commits-src-all@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kevans X-Git-Repository: src X-Git-Refname: refs/heads/stable/14 X-Git-Reftype: branch X-Git-Commit: 5829e12051e544333bc57b8331651bf1edd9e0fd Auto-Submitted: auto-generated The branch stable/14 has been updated by kevans: URL: https://cgit.FreeBSD.org/src/commit/?id=5829e12051e544333bc57b8331651bf1edd9e0fd commit 5829e12051e544333bc57b8331651bf1edd9e0fd Author: Kyle Evans AuthorDate: 2023-08-26 01:01:47 +0000 Commit: Kyle Evans CommitDate: 2023-09-05 14:55:02 +0000 caroot: update the root bundle Summary: - Six (6) new roots - Four (4) distrusted roots Note that this was intentionally generated with OpenSSL 1.1.1 to avoid mixing updates and non-functional changes -- there will be some churn with OpenSSL 3. The next commit will update the current batch of trusted certs with the format OpenSSL 3 produces, which I've tested against OpenSSL 1.1.1 to be sure that that doesn't hurt us in older branches. Approved by: re (kib) (cherry picked from commit 65fd80909e196c8be2ce5e948775e9cbda2ef069) --- ObsoleteFiles.inc | 6 + .../Atos_TrustedRoot_Root_CA_ECC_TLS_2021.pem | 66 ++++++++++ .../Atos_TrustedRoot_Root_CA_RSA_TLS_2021.pem | 133 ++++++++++++++++++++ .../trusted/SSL_com_TLS_ECC_Root_CA_2022.pem | 69 +++++++++++ .../trusted/SSL_com_TLS_RSA_Root_CA_2022.pem | 137 +++++++++++++++++++++ ...ctigo_Public_Server_Authentication_Root_E46.pem | 66 ++++++++++ ...ctigo_Public_Server_Authentication_Root_R46.pem | 134 ++++++++++++++++++++ .../E-Tugra_Certification_Authority.pem | 0 .../E-Tugra_Global_Root_CA_ECC_v3.pem | 0 .../E-Tugra_Global_Root_CA_RSA_v3.pem | 0 .../Hongkong_Post_Root_CA_1.pem | 0 11 files changed, 611 insertions(+) diff --git a/ObsoleteFiles.inc b/ObsoleteFiles.inc index e8f6e2e1693c..bd7071031857 100644 --- a/ObsoleteFiles.inc +++ b/ObsoleteFiles.inc @@ -51,6 +51,12 @@ # xargs -n1 | sort | uniq -d; # done +# 20230906: caroot bundle updated +OLD_FILES+=usr/share/certs/trusted/E-Tugra_Certification_Authority.pem +OLD_FILES+=usr/share/certs/trusted/E-Tugra_Global_Root_CA_ECC_v3.pem +OLD_FILES+=usr/share/certs/trusted/E-Tugra_Global_Root_CA_RSA_v3.pem +OLD_FILES+=usr/share/certs/trusted/Hongkong_Post_Root_CA_1.pem + # 20230902: libzfs now requires librt, moved to /lib MOVED_LIBS+=usr/lib/librt.so.1 diff --git a/secure/caroot/trusted/Atos_TrustedRoot_Root_CA_ECC_TLS_2021.pem b/secure/caroot/trusted/Atos_TrustedRoot_Root_CA_ECC_TLS_2021.pem new file mode 100644 index 000000000000..af7f2e061651 --- /dev/null +++ b/secure/caroot/trusted/Atos_TrustedRoot_Root_CA_ECC_TLS_2021.pem @@ -0,0 +1,66 @@ +## +## Atos TrustedRoot Root CA ECC TLS 2021 +## +## This is a single X.509 certificate for a public Certificate +## Authority (CA). It was automatically extracted from Mozilla's +## root CA list (the file `certdata.txt' in security/nss). +## +## It contains a certificate trusted for server authentication. +## +## Extracted from nss +## +## @generated +## +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 3d:98:3b:a6:66:3d:90:63:f7:7e:26:57:38:04:ef:00 + Signature Algorithm: ecdsa-with-SHA384 + Issuer: CN = Atos TrustedRoot Root CA ECC TLS 2021, O = Atos, C = DE + Validity + Not Before: Apr 22 09:26:23 2021 GMT + Not After : Apr 17 09:26:22 2041 GMT + Subject: CN = Atos TrustedRoot Root CA ECC TLS 2021, O = Atos, C = DE + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:96:86:58:28:37:0a:67:d0:a0:de:24:19:19:e1: + e4:05:07:1f:97:ed:e8:64:82:b9:f6:c4:71:50:ce: + 8a:0c:ff:d7:b5:76:bb:a1:6c:93:6c:83:a2:68:6e: + a5:d9:be:2c:88:95:41:cd:5d:dd:b1:ca:83:63:83: + cc:c0:be:74:d9:e0:9d:a4:ee:4a:4e:56:e0:98:29: + 41:93:52:10:d5:24:38:02:32:67:f1:94:12:6f:ef: + d7:c5:de:2e:fd:19:80 + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Subject Key Identifier: + 76:28:25:D6:7D:E0:66:9A:7A:09:B2:6A:3B:8E:33:D7:36:D3:4F:A2 + X509v3 Key Usage: critical + Digital Signature, Certificate Sign, CRL Sign + Signature Algorithm: ecdsa-with-SHA384 + 30:65:02:30:5b:99:29:f3:9c:31:b6:89:6b:6c:d6:bd:77:e1: + 7c:e7:51:7e:b8:3a:cd:a3:36:5f:7c:f7:3c:77:3e:e4:50:ad: + a8:e7:d2:59:0c:26:8e:30:3b:6e:08:2a:c2:a7:5a:c8:02:31: + 00:99:e3:0c:e7:a3:c3:af:d3:49:2e:46:82:23:66:5d:c9:00: + 14:12:fd:38:f4:e1:98:6b:77:29:7a:db:24:cf:65:40:bf:d2: + dc:8c:11:e8:f4:7d:7f:20:84:a9:42:e4:28 +SHA1 Fingerprint=9E:BC:75:10:42:B3:02:F3:81:F4:F7:30:62:D4:8F:C3:A7:51:B2:DD +-----BEGIN CERTIFICATE----- +MIICFTCCAZugAwIBAgIQPZg7pmY9kGP3fiZXOATvADAKBggqhkjOPQQDAzBMMS4w +LAYDVQQDDCVBdG9zIFRydXN0ZWRSb290IFJvb3QgQ0EgRUNDIFRMUyAyMDIxMQ0w +CwYDVQQKDARBdG9zMQswCQYDVQQGEwJERTAeFw0yMTA0MjIwOTI2MjNaFw00MTA0 +MTcwOTI2MjJaMEwxLjAsBgNVBAMMJUF0b3MgVHJ1c3RlZFJvb3QgUm9vdCBDQSBF +Q0MgVExTIDIwMjExDTALBgNVBAoMBEF0b3MxCzAJBgNVBAYTAkRFMHYwEAYHKoZI +zj0CAQYFK4EEACIDYgAEloZYKDcKZ9Cg3iQZGeHkBQcfl+3oZIK59sRxUM6KDP/X +tXa7oWyTbIOiaG6l2b4siJVBzV3dscqDY4PMwL502eCdpO5KTlbgmClBk1IQ1SQ4 +AjJn8ZQSb+/Xxd4u/RmAo0IwQDAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBR2 +KCXWfeBmmnoJsmo7jjPXNtNPojAOBgNVHQ8BAf8EBAMCAYYwCgYIKoZIzj0EAwMD +aAAwZQIwW5kp85wxtolrbNa9d+F851F+uDrNozZffPc8dz7kUK2o59JZDCaOMDtu +CCrCp1rIAjEAmeMM56PDr9NJLkaCI2ZdyQAUEv049OGYa3cpetskz2VAv9LcjBHo +9H1/IISpQuQo +-----END CERTIFICATE----- diff --git a/secure/caroot/trusted/Atos_TrustedRoot_Root_CA_RSA_TLS_2021.pem b/secure/caroot/trusted/Atos_TrustedRoot_Root_CA_RSA_TLS_2021.pem new file mode 100644 index 000000000000..7c6033b46658 --- /dev/null +++ b/secure/caroot/trusted/Atos_TrustedRoot_Root_CA_RSA_TLS_2021.pem @@ -0,0 +1,133 @@ +## +## Atos TrustedRoot Root CA RSA TLS 2021 +## +## This is a single X.509 certificate for a public Certificate +## Authority (CA). It was automatically extracted from Mozilla's +## root CA list (the file `certdata.txt' in security/nss). +## +## It contains a certificate trusted for server authentication. +## +## Extracted from nss +## +## @generated +## +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 53:d5:cf:e6:19:93:0b:fb:2b:05:12:d8:c2:2a:a2:a4 + Signature Algorithm: sha384WithRSAEncryption + Issuer: CN = Atos TrustedRoot Root CA RSA TLS 2021, O = Atos, C = DE + Validity + Not Before: Apr 22 09:21:10 2021 GMT + Not After : Apr 17 09:21:09 2041 GMT + Subject: CN = Atos TrustedRoot Root CA RSA TLS 2021, O = Atos, C = DE + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (4096 bit) + Modulus: + 00:b6:80:0e:c4:79:bd:05:8c:7d:b0:a3:9d:4d:22: + 4d:cb:f0:41:97:4d:59:e0:d1:fe:56:8c:97:f2:d7: + bd:8f:6c:b7:23:8f:5f:d5:c4:d8:41:cb:f2:02:1e: + 71:e5:e9:f6:5e:cb:08:2a:5e:30:f2:2d:66:c7:84: + 1b:64:57:38:9d:75:2d:56:c6:2f:61:ef:96:fc:20: + 46:bd:eb:d4:7b:3f:3f:7c:47:38:04:a9:1b:aa:52: + df:13:37:d3:15:15:4e:bd:5f:7c:af:ad:63:c7:79: + dc:08:7b:d5:a0:e5:f7:5b:75:ac:80:55:99:92:61: + 9b:cd:2a:17:7d:db:8f:f4:b5:6a:ea:17:4a:64:28: + 66:15:29:6c:02:f1:6b:d5:ba:a3:33:dc:5a:67:a7: + 05:e2:bf:65:b6:16:b0:10:ed:cd:50:33:c9:70:50: + ec:19:8e:b0:c7:f2:74:5b:6b:44:c6:7d:96:b9:98: + 08:59:66:de:29:01:9b:f4:2a:6d:d3:15:3a:90:6a: + 67:f1:b4:6b:66:d9:21:eb:ca:d9:62:7c:46:10:5c: + de:75:49:67:9e:42:f9:fe:75:a9:a3:ad:ff:76:0a: + 67:40:e3:c5:f7:8d:c7:85:9a:59:9e:62:9a:6a:ed: + 45:87:98:67:b2:d5:4a:3c:d7:b4:3b:00:0d:c0:8f: + 1f:e1:40:c4:ae:6c:21:dc:49:7e:7e:ca:b2:8d:6d: + b6:bf:93:2f:a1:5c:3e:8f:ca:ed:80:8e:58:e1:db: + 57:cf:85:36:38:b2:71:a4:09:8c:92:89:08:88:48: + f1:40:63:18:b2:5b:8c:5a:e3:c3:d3:17:aa:ab:19: + a3:2c:1b:e4:d5:c6:e2:66:7a:d7:82:19:a6:3b:16: + 2c:2f:71:87:5f:45:9e:95:73:93:c2:42:81:21:13: + 96:d7:9d:bb:93:68:15:fa:9d:a4:1d:8c:f2:81:e0: + 58:06:bd:c9:b6:e3:f6:89:5d:89:f9:ac:44:a1:cb: + 6b:fa:16:f1:c7:50:3d:24:da:f7:c3:e4:87:d5:56: + f1:4f:90:30:fa:45:09:59:da:34:ce:e0:13:1c:04: + 7c:00:d4:9b:86:a4:40:bc:d9:dc:4c:57:7e:ae:b7: + 33:b6:5e:76:e1:65:8b:66:df:8d:ca:d7:98:af:ce: + 36:98:8c:9c:83:99:03:70:f3:af:74:ed:c6:0e:36: + e7:bd:ec:c1:73:a7:94:5a:cb:92:64:82:a6:00:c1: + 70:a1:6e:2c:29:e1:58:57:ec:5a:7c:99:6b:25:a4: + 90:3a:80:f4:20:9d:9a:ce:c7:2d:f9:b2:4b:29:95: + 83:e9:35:8d:a7:49:48:a7:0f:4c:19:91:d0:f5:bf: + 10:e0:71 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Subject Key Identifier: + 74:49:99:D1:FF:B4:7A:68:45:75:C3:7E:B4:DC:CC:CE:39:33:DA:08 + X509v3 Key Usage: critical + Digital Signature, Certificate Sign, CRL Sign + Signature Algorithm: sha384WithRSAEncryption + 23:43:53:24:62:5c:6d:fd:3e:c2:cf:55:00:6c:c5:56:88:b9: + 0e:dd:3a:e2:25:0d:95:4a:97:ca:80:89:ee:2a:cd:65:f8:db: + 16:e0:09:92:e0:18:c7:78:98:bb:f3:ec:42:52:fb:a9:a4:82: + d7:4d:d8:8a:fc:e4:4e:fd:ab:90:c4:38:75:32:84:9f:ff:b3: + b0:2b:02:33:36:c0:10:90:6f:1d:9c:af:e1:69:93:ec:a3:45: + 2f:14:9f:f5:4c:2a:65:43:72:0c:f7:c3:f8:95:8b:14:f3:85: + 20:62:dd:54:53:dd:2c:dc:18:95:69:4f:83:47:70:40:33:58: + 77:12:0c:a2:eb:52:31:1e:4c:c9:a8:ce:c5:ef:c3:d1:ad:e0: + 6b:03:00:34:26:b4:54:21:35:97:01:dc:5f:1b:f1:7c:e7:55: + fa:2d:68:77:7b:d3:69:cc:d3:0e:6b:ba:4d:76:44:d6:c2:15: + 9a:26:ec:b0:c5:f5:bb:d1:7a:74:c2:6c:cd:c5:b5:5e:f6:4c: + e6:5b:2d:81:db:b3:b7:3a:97:9e:ed:cf:46:b2:50:3d:84:60: + 99:71:b5:33:b5:57:45:e6:42:47:75:6a:0e:b0:08:0c:ae:bd: + de:f7:bb:0f:58:3d:8f:03:31:e8:3d:82:50:ca:2f:5e:0c:5d: + b4:97:be:20:34:07:f4:c4:12:e1:ee:d7:b0:d9:59:2d:69:f7: + 31:04:f4:f2:f9:ab:f9:13:31:f8:01:77:0e:3d:42:23:26:cc: + 9a:72:67:51:21:7a:cc:3c:85:a8:ea:21:6a:3b:db:5a:3c:a5: + 34:9e:9a:c0:2c:df:80:9c:29:e0:df:77:94:d1:a2:80:42:ff: + 6a:4c:5b:11:d0:f5:cd:a2:be:ae:cc:51:5c:c3:d5:54:7b:0c: + ae:d6:b9:06:77:80:e2:ef:07:1a:68:cc:59:51:ad:7e:5c:67: + 6b:b9:db:e2:07:42:5b:b8:01:05:58:39:4d:e4:bb:98:a3:b1: + 32:ec:d9:a3:d6:6f:94:23:ff:3b:b7:29:65:e6:07:e9:ef:b6: + 19:ea:e7:c2:38:1d:32:88:90:3c:13:2b:6e:cc:ef:ab:77:06: + 34:77:84:4f:72:e4:81:84:f9:b9:74:34:de:76:4f:92:2a:53: + b1:25:39:db:3c:ff:e5:3e:a6:0e:e5:6b:9e:ff:db:ec:2f:74: + 83:df:8e:b4:b3:a9:de:14:4d:ff:31:a3:45:73:24:fa:95:29: + cc:12:97:04:a2:38:b6:8d:b0:f0:37:fc:c8:21:7f:3f:b3:24: + 1b:3d:8b:6e:cc:4d:b0:16:0d:96:1d:83:1f:46:c0:9b:bd:43: + 99:e7:c4:96:2e:ce:5f:c9 +SHA1 Fingerprint=18:52:3B:0D:06:37:E4:D6:3A:DF:23:E4:98:FB:5B:16:FB:86:74:48 +-----BEGIN CERTIFICATE----- +MIIFZDCCA0ygAwIBAgIQU9XP5hmTC/srBRLYwiqipDANBgkqhkiG9w0BAQwFADBM +MS4wLAYDVQQDDCVBdG9zIFRydXN0ZWRSb290IFJvb3QgQ0EgUlNBIFRMUyAyMDIx +MQ0wCwYDVQQKDARBdG9zMQswCQYDVQQGEwJERTAeFw0yMTA0MjIwOTIxMTBaFw00 +MTA0MTcwOTIxMDlaMEwxLjAsBgNVBAMMJUF0b3MgVHJ1c3RlZFJvb3QgUm9vdCBD +QSBSU0EgVExTIDIwMjExDTALBgNVBAoMBEF0b3MxCzAJBgNVBAYTAkRFMIICIjAN +BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAtoAOxHm9BYx9sKOdTSJNy/BBl01Z +4NH+VoyX8te9j2y3I49f1cTYQcvyAh5x5en2XssIKl4w8i1mx4QbZFc4nXUtVsYv +Ye+W/CBGvevUez8/fEc4BKkbqlLfEzfTFRVOvV98r61jx3ncCHvVoOX3W3WsgFWZ +kmGbzSoXfduP9LVq6hdKZChmFSlsAvFr1bqjM9xaZ6cF4r9lthawEO3NUDPJcFDs +GY6wx/J0W2tExn2WuZgIWWbeKQGb9Cpt0xU6kGpn8bRrZtkh68rZYnxGEFzedUln +nkL5/nWpo63/dgpnQOPF943HhZpZnmKaau1Fh5hnstVKPNe0OwANwI8f4UDErmwh +3El+fsqyjW22v5MvoVw+j8rtgI5Y4dtXz4U2OLJxpAmMkokIiEjxQGMYsluMWuPD +0xeqqxmjLBvk1cbiZnrXghmmOxYsL3GHX0WelXOTwkKBIROW1527k2gV+p2kHYzy +geBYBr3JtuP2iV2J+axEoctr+hbxx1A9JNr3w+SH1VbxT5Aw+kUJWdo0zuATHAR8 +ANSbhqRAvNncTFd+rrcztl524WWLZt+NyteYr842mIycg5kDcPOvdO3GDjbnvezB +c6eUWsuSZIKmAMFwoW4sKeFYV+xafJlrJaSQOoD0IJ2azsct+bJLKZWD6TWNp0lI +pw9MGZHQ9b8Q4HECAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU +dEmZ0f+0emhFdcN+tNzMzjkz2ggwDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEB +DAUAA4ICAQAjQ1MkYlxt/T7Cz1UAbMVWiLkO3TriJQ2VSpfKgInuKs1l+NsW4AmS +4BjHeJi78+xCUvuppILXTdiK/ORO/auQxDh1MoSf/7OwKwIzNsAQkG8dnK/haZPs +o0UvFJ/1TCplQ3IM98P4lYsU84UgYt1UU90s3BiVaU+DR3BAM1h3Egyi61IxHkzJ +qM7F78PRreBrAwA0JrRUITWXAdxfG/F851X6LWh3e9NpzNMOa7pNdkTWwhWaJuyw +xfW70Xp0wmzNxbVe9kzmWy2B27O3Opee7c9GslA9hGCZcbUztVdF5kJHdWoOsAgM +rr3e97sPWD2PAzHoPYJQyi9eDF20l74gNAf0xBLh7tew2VktafcxBPTy+av5EzH4 +AXcOPUIjJsyacmdRIXrMPIWo6iFqO9taPKU0nprALN+AnCng33eU0aKAQv9qTFsR +0PXNor6uzFFcw9VUewyu1rkGd4Di7wcaaMxZUa1+XGdrudviB0JbuAEFWDlN5LuY +o7Ey7Nmj1m+UI/87tyll5gfp77YZ6ufCOB0yiJA8EytuzO+rdwY0d4RPcuSBhPm5 +dDTedk+SKlOxJTnbPP/lPqYO5Wue/9vsL3SD3460s6neFE3/MaNFcyT6lSnMEpcE +oji2jbDwN/zIIX8/syQbPYtuzE2wFg2WHYMfRsCbvUOZ58SWLs5fyQ== +-----END CERTIFICATE----- diff --git a/secure/caroot/trusted/SSL_com_TLS_ECC_Root_CA_2022.pem b/secure/caroot/trusted/SSL_com_TLS_ECC_Root_CA_2022.pem new file mode 100644 index 000000000000..1a1f829cd2ef --- /dev/null +++ b/secure/caroot/trusted/SSL_com_TLS_ECC_Root_CA_2022.pem @@ -0,0 +1,69 @@ +## +## SSL.com TLS ECC Root CA 2022 +## +## This is a single X.509 certificate for a public Certificate +## Authority (CA). It was automatically extracted from Mozilla's +## root CA list (the file `certdata.txt' in security/nss). +## +## It contains a certificate trusted for server authentication. +## +## Extracted from nss +## +## @generated +## +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 14:03:f5:ab:fb:37:8b:17:40:5b:e2:43:b2:a5:d1:c4 + Signature Algorithm: ecdsa-with-SHA384 + Issuer: C = US, O = SSL Corporation, CN = SSL.com TLS ECC Root CA 2022 + Validity + Not Before: Aug 25 16:33:48 2022 GMT + Not After : Aug 19 16:33:47 2046 GMT + Subject: C = US, O = SSL Corporation, CN = SSL.com TLS ECC Root CA 2022 + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:45:29:35:73:fa:c2:b8:23:ce:14:7d:a8:b1:4d: + a0:5b:36:ee:2a:2c:53:c3:60:09:35:b2:24:66:26: + 69:c0:b3:95:d6:5d:92:40:19:0e:c6:a5:13:70:f4: + ef:12:51:28:5d:e7:cc:bd:f9:3c:85:c1:cf:94:90: + c9:2b:ce:92:42:58:59:67:fd:94:27:10:64:8c:4f: + 04:b1:4d:49:e4:7b:4f:9b:f5:e7:08:f8:03:88:f7: + a7:c3:92:4b:19:54:81 + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Authority Key Identifier: + keyid:89:8F:2F:A3:E8:2B:A0:14:54:7B:F3:56:B8:26:5F:67:38:0B:9C:D0 + + X509v3 Subject Key Identifier: + 89:8F:2F:A3:E8:2B:A0:14:54:7B:F3:56:B8:26:5F:67:38:0B:9C:D0 + X509v3 Key Usage: critical + Digital Signature, Certificate Sign, CRL Sign + Signature Algorithm: ecdsa-with-SHA384 + 30:65:02:30:55:e3:22:56:e9:d7:92:24:58:4f:1e:94:32:0f: + 0c:02:36:c2:fd:ac:74:32:4e:e1:fb:1c:80:88:a3:cc:fb:d7: + eb:2b:ff:37:7d:f0:ed:d7:9e:75:6a:35:76:52:45:e0:02:31: + 00:c7:8d:6f:42:20:8f:be:b6:4d:59:ed:77:4d:29:c4:20:20: + 45:64:86:3a:50:c6:c4:ad:2d:93:f5:18:7d:72:ed:a9:cf:c4: + ac:57:36:28:08:65:df:3c:79:66:7e:a0:ea +SHA1 Fingerprint=9F:5F:D9:1A:54:6D:F5:0C:71:F0:EE:7A:BD:17:49:98:84:73:E2:39 +-----BEGIN CERTIFICATE----- +MIICOjCCAcCgAwIBAgIQFAP1q/s3ixdAW+JDsqXRxDAKBggqhkjOPQQDAzBOMQsw +CQYDVQQGEwJVUzEYMBYGA1UECgwPU1NMIENvcnBvcmF0aW9uMSUwIwYDVQQDDBxT +U0wuY29tIFRMUyBFQ0MgUm9vdCBDQSAyMDIyMB4XDTIyMDgyNTE2MzM0OFoXDTQ2 +MDgxOTE2MzM0N1owTjELMAkGA1UEBhMCVVMxGDAWBgNVBAoMD1NTTCBDb3Jwb3Jh +dGlvbjElMCMGA1UEAwwcU1NMLmNvbSBUTFMgRUNDIFJvb3QgQ0EgMjAyMjB2MBAG +ByqGSM49AgEGBSuBBAAiA2IABEUpNXP6wrgjzhR9qLFNoFs27iosU8NgCTWyJGYm +acCzldZdkkAZDsalE3D07xJRKF3nzL35PIXBz5SQySvOkkJYWWf9lCcQZIxPBLFN +SeR7T5v15wj4A4j3p8OSSxlUgaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSME +GDAWgBSJjy+j6CugFFR781a4Jl9nOAuc0DAdBgNVHQ4EFgQUiY8vo+groBRUe/NW +uCZfZzgLnNAwDgYDVR0PAQH/BAQDAgGGMAoGCCqGSM49BAMDA2gAMGUCMFXjIlbp +15IkWE8elDIPDAI2wv2sdDJO4fscgIijzPvX6yv/N33w7deedWo1dlJF4AIxAMeN +b0Igj762TVntd00pxCAgRWSGOlDGxK0tk/UYfXLtqc/ErFc2KAhl3zx5Zn6g6g== +-----END CERTIFICATE----- diff --git a/secure/caroot/trusted/SSL_com_TLS_RSA_Root_CA_2022.pem b/secure/caroot/trusted/SSL_com_TLS_RSA_Root_CA_2022.pem new file mode 100644 index 000000000000..090019495424 --- /dev/null +++ b/secure/caroot/trusted/SSL_com_TLS_RSA_Root_CA_2022.pem @@ -0,0 +1,137 @@ +## +## SSL.com TLS RSA Root CA 2022 +## +## This is a single X.509 certificate for a public Certificate +## Authority (CA). It was automatically extracted from Mozilla's +## root CA list (the file `certdata.txt' in security/nss). +## +## It contains a certificate trusted for server authentication. +## +## Extracted from nss +## +## @generated +## +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 6f:be:da:ad:73:bd:08:40:e2:8b:4d:be:d4:f7:5b:91 + Signature Algorithm: sha256WithRSAEncryption + Issuer: C = US, O = SSL Corporation, CN = SSL.com TLS RSA Root CA 2022 + Validity + Not Before: Aug 25 16:34:22 2022 GMT + Not After : Aug 19 16:34:21 2046 GMT + Subject: C = US, O = SSL Corporation, CN = SSL.com TLS RSA Root CA 2022 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (4096 bit) + Modulus: + 00:d0:a4:09:72:4f:40:88:12:61:3e:35:23:9e:ee: + f6:74:cf:2f:7b:58:3d:ce:3c:0d:10:28:90:2f:97: + f7:8c:48:d8:a0:d8:25:b1:4c:b0:11:4c:17:73:50: + d0:22:4a:63:bb:81:d3:29:6e:d5:b5:09:3e:26:18: + 7f:b2:12:7f:93:98:b7:af:f0:36:bf:f2:ee:18:9e: + 9c:3b:52:c5:47:19:5d:74:f3:64:66:d5:5d:c7:68: + b4:bf:1b:1c:06:a3:bc:8f:40:23:b6:1e:c6:84:bd: + 51:c4:1b:39:c1:95:d2:29:ec:4b:ae:7b:2d:bf:39: + fd:b4:62:de:96:7b:41:c6:9c:a0:e0:06:72:fb:f0: + 07:97:09:39:81:74:af:f7:34:59:11:57:0a:c2:5b: + c1:24:f4:31:73:30:82:c6:9d:ba:02:f7:3e:7c:44: + 5f:83:0d:f3:f1:dd:20:69:16:09:50:e2:d4:55:b6: + e0:80:72:76:6e:4c:47:b7:75:55:59:b4:53:74:d9: + 94:c6:41:ad:58:8a:31:66:0f:1e:a2:1b:29:40:4e: + 2f:df:7b:e6:16:2c:2d:fc:bf:ec:f3:b4:fa:be:18: + f6:9b:49:d4:ee:05:6e:d9:34:f3:9c:f1:ec:01:8b: + d1:20:c6:0f:a0:b5:bc:17:4e:48:7b:51:c2:fc:e9: + 5c:69:37:47:66:b3:68:f8:15:28:f0:b9:d3:a4:15: + cc:5a:4f:ba:52:70:a3:12:45:dd:c6:ba:4e:fb:c2: + d0:f7:a8:52:27:6d:6e:79:b5:8c:fc:7b:8c:c1:16: + 4c:ee:80:7f:be:f0:76:be:41:53:12:33:ae:5a:38: + 42:ab:d7:0f:3e:41:8d:76:07:32:d5:ab:89:f6:4e: + 67:d9:b1:42:75:23:6e:f3:cd:42:b2:fc:55:f5:53: + 87:17:3b:c0:33:58:f1:52:d2:f9:80:a4:f0:e8:f0: + 3b:8b:38:cc:a4:c6:90:7f:0f:9c:fd:8b:d1:a3:cf: + da:83:a7:69:c9:50:36:d5:5c:05:d2:0a:41:74:db: + 63:11:37:c1:a5:a0:96:4b:1e:8c:16:12:77:ae:94: + 34:7b:1e:7f:c2:66:00:e4:aa:83:ea:8a:90:ad:ce: + 36:44:4d:d1:51:e9:bc:1f:f3:6a:05:fd:c0:74:1f: + 25:19:40:51:6e:ea:82:51:40:df:9b:b9:08:2a:06: + 02:d5:23:1c:13:d6:e9:db:db:c6:b0:7a:cb:7b:27: + 9b:fb:e0:d5:46:24:ed:10:4b:63:4b:a5:05:8f:ba: + b8:1d:2b:a6:fa:91:e2:92:52:bd:ec:eb:67:97:6d: + 9a:2d:9f:81:32:05:67:32:fb:48:08:3f:d9:25:b8: + 04:25:2f + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Authority Key Identifier: + keyid:FB:2E:37:EE:E3:84:7A:27:2E:CD:19:35:B1:33:7C:FF:D4:44:42:B9 + + X509v3 Subject Key Identifier: + FB:2E:37:EE:E3:84:7A:27:2E:CD:19:35:B1:33:7C:FF:D4:44:42:B9 + X509v3 Key Usage: critical + Digital Signature, Certificate Sign, CRL Sign + Signature Algorithm: sha256WithRSAEncryption + 8d:89:6d:84:45:18:f1:4f:b3:a0:ef:68:a4:c0:1d:ac:30:bc: + 67:66:b0:9a:cd:b6:ab:22:19:66:d3:3b:41:b5:10:9d:10:ba: + 72:6e:29:24:20:1c:01:99:62:d3:96:e0:e2:fb:0c:42:d7:e1: + 5a:c4:96:4d:54:cd:8f:ca:43:53:fd:2a:b8:ea:f8:65:ca:01: + c2:ad:60:68:06:9f:39:1a:51:d9:e0:8d:26:f9:0b:4e:a5:53: + 25:7a:23:a4:1c:ce:08:1b:df:47:88:b2:ad:3e:e0:27:87:8b: + 49:8c:1f:a9:47:58:7b:96:f2:88:1d:18:ae:b3:d1:a6:0a:94: + fa:db:d3:e5:38:0a:6b:79:12:33:fb:4a:59:37:16:40:0e:bb: + de:f5:89:0c:f1:6c:d3:f7:51:6b:5e:35:f5:db:c0:26:ea:12: + 73:4e:a9:91:90:a6:17:c3:6c:2f:38:d4:a3:72:94:43:2c:62: + e1:4e:5c:32:3d:bd:4c:7d:19:47:a2:c3:49:e7:96:3f:8f:9a: + d3:3b:e4:11:d8:8b:03:dc:f6:b6:60:55:18:a6:81:51:f3:e1: + a8:15:6a:eb:e0:0b:f0:14:31:d6:b9:8c:45:3a:a8:10:d8:f0: + b9:27:eb:f7:cb:7a:ef:05:72:96:b5:c4:8f:96:73:c4:e8:56: + 73:9c:bc:69:51:63:bc:ef:67:1c:43:1a:5f:77:19:1f:18:f8: + 1c:25:29:f9:49:99:29:b6:92:3d:a2:83:37:b1:20:91:a8:9b: + 30:e9:6a:6c:b4:23:93:65:04:ab:11:f3:0e:1d:53:24:49:53: + 1d:a1:3f:9d:48:92:11:e2:7d:0d:4f:f5:d7:bd:a2:58:3e:78: + 9d:1e:1f:2b:fe:21:bb:1a:13:b6:b1:28:64:fd:b0:02:00:c7: + 6c:80:a2:bd:16:50:20:0f:72:81:5f:cc:94:ff:bb:99:e6:ba: + 90:cb:ea:f9:c6:0c:c2:ae:c5:19:ce:33:a1:6b:5c:bb:7e:7c: + 34:57:17:ad:f0:3f:ae:cd:ea:af:99:ec:2c:54:7e:8c:ce:2e: + 12:56:48:ef:17:3b:3f:4a:5e:60:d2:dc:74:36:bc:a5:43:63: + cb:0f:5b:a3:02:56:09:9e:24:2c:e1:86:81:8c:fe:ab:17:2c: + fa:c8:e2:32:1a:3a:ff:85:08:c9:83:9f:f2:4a:48:10:54:77: + 37:ed:a2:bc:40:be:e4:10:74:f7:e4:5b:bb:b9:f3:89:f9:8f: + 41:d8:c7:e4:50:90:35:80:3e:1c:b8:4d:90:d3:d4:f7:c3:b0: + a1:7e:84:ca:77:92:31:2c:b8:90:b1:82:7a:74:4e:9b:13:26: + b4:d5:50:66:54:78:ae:60 +SHA1 Fingerprint=EC:2C:83:40:72:AF:26:95:10:FF:0E:F2:03:EE:31:70:F6:78:9D:CA +-----BEGIN CERTIFICATE----- +MIIFiTCCA3GgAwIBAgIQb77arXO9CEDii02+1PdbkTANBgkqhkiG9w0BAQsFADBO +MQswCQYDVQQGEwJVUzEYMBYGA1UECgwPU1NMIENvcnBvcmF0aW9uMSUwIwYDVQQD +DBxTU0wuY29tIFRMUyBSU0EgUm9vdCBDQSAyMDIyMB4XDTIyMDgyNTE2MzQyMloX +DTQ2MDgxOTE2MzQyMVowTjELMAkGA1UEBhMCVVMxGDAWBgNVBAoMD1NTTCBDb3Jw +b3JhdGlvbjElMCMGA1UEAwwcU1NMLmNvbSBUTFMgUlNBIFJvb3QgQ0EgMjAyMjCC +AiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANCkCXJPQIgSYT41I57u9nTP +L3tYPc48DRAokC+X94xI2KDYJbFMsBFMF3NQ0CJKY7uB0ylu1bUJPiYYf7ISf5OY +t6/wNr/y7hienDtSxUcZXXTzZGbVXcdotL8bHAajvI9AI7YexoS9UcQbOcGV0ins +S657Lb85/bRi3pZ7QcacoOAGcvvwB5cJOYF0r/c0WRFXCsJbwST0MXMwgsadugL3 +PnxEX4MN8/HdIGkWCVDi1FW24IBydm5MR7d1VVm0U3TZlMZBrViKMWYPHqIbKUBO +L9975hYsLfy/7PO0+r4Y9ptJ1O4Fbtk085zx7AGL0SDGD6C1vBdOSHtRwvzpXGk3 +R2azaPgVKPC506QVzFpPulJwoxJF3ca6TvvC0PeoUidtbnm1jPx7jMEWTO6Af77w +dr5BUxIzrlo4QqvXDz5BjXYHMtWrifZOZ9mxQnUjbvPNQrL8VfVThxc7wDNY8VLS ++YCk8OjwO4s4zKTGkH8PnP2L0aPP2oOnaclQNtVcBdIKQXTbYxE3waWglksejBYS +d66UNHsef8JmAOSqg+qKkK3ONkRN0VHpvB/zagX9wHQfJRlAUW7qglFA35u5CCoG +AtUjHBPW6dvbxrB6y3snm/vg1UYk7RBLY0ulBY+6uB0rpvqR4pJSvezrZ5dtmi2f +gTIFZzL7SAg/2SW4BCUvAgMBAAGjYzBhMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0j +BBgwFoAU+y437uOEeicuzRk1sTN8/9REQrkwHQYDVR0OBBYEFPsuN+7jhHonLs0Z +NbEzfP/UREK5MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAgEAjYlt +hEUY8U+zoO9opMAdrDC8Z2awms22qyIZZtM7QbUQnRC6cm4pJCAcAZli05bg4vsM +QtfhWsSWTVTNj8pDU/0quOr4ZcoBwq1gaAafORpR2eCNJvkLTqVTJXojpBzOCBvf +R4iyrT7gJ4eLSYwfqUdYe5byiB0YrrPRpgqU+tvT5TgKa3kSM/tKWTcWQA673vWJ +DPFs0/dRa1419dvAJuoSc06pkZCmF8NsLzjUo3KUQyxi4U5cMj29TH0ZR6LDSeeW +P4+a0zvkEdiLA9z2tmBVGKaBUfPhqBVq6+AL8BQx1rmMRTqoENjwuSfr98t67wVy +lrXEj5ZzxOhWc5y8aVFjvO9nHEMaX3cZHxj4HCUp+UmZKbaSPaKDN7EgkaibMOlq +bLQjk2UEqxHzDh1TJElTHaE/nUiSEeJ9DU/1172iWD54nR4fK/4huxoTtrEoZP2w +AgDHbICivRZQIA9ygV/MlP+7mea6kMvq+cYMwq7FGc4zoWtcu358NFcXrfA/rs3q +r5nsLFR+jM4uElZI7xc7P0peYNLcdDa8pUNjyw9bowJWCZ4kLOGGgYz+qxcs+sji +Mho6/4UIyYOf8kpIEFR3N+2ivEC+5BB09+Rbu7nzifmPQdjH5FCQNYA+HLhNkNPU +98OwoX6EyneSMSy4kLGCenROmxMmtNVQZlR4rmA= +-----END CERTIFICATE----- diff --git a/secure/caroot/trusted/Sectigo_Public_Server_Authentication_Root_E46.pem b/secure/caroot/trusted/Sectigo_Public_Server_Authentication_Root_E46.pem new file mode 100644 index 000000000000..964350854b3a --- /dev/null +++ b/secure/caroot/trusted/Sectigo_Public_Server_Authentication_Root_E46.pem @@ -0,0 +1,66 @@ +## +## Sectigo Public Server Authentication Root E46 +## +## This is a single X.509 certificate for a public Certificate +## Authority (CA). It was automatically extracted from Mozilla's +## root CA list (the file `certdata.txt' in security/nss). +## +## It contains a certificate trusted for server authentication. +## +## Extracted from nss +## +## @generated +## +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 42:f2:cc:da:1b:69:37:44:5f:15:fe:75:28:10:b8:f4 + Signature Algorithm: ecdsa-with-SHA384 + Issuer: C = GB, O = Sectigo Limited, CN = Sectigo Public Server Authentication Root E46 + Validity + Not Before: Mar 22 00:00:00 2021 GMT + Not After : Mar 21 23:59:59 2046 GMT + Subject: C = GB, O = Sectigo Limited, CN = Sectigo Public Server Authentication Root E46 + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:76:fa:99:a9:6e:20:ed:f9:d7:77:e3:07:3b:a8: + db:3d:5f:38:e8:ab:55:a6:56:4f:d6:48:ea:ec:7f: + 2d:aa:c3:b2:c5:79:ec:99:61:7f:10:79:c7:02:5a: + f9:04:37:f5:34:35:2b:77:ce:7f:20:8f:52:a3:00: + 89:ec:d5:a7:a2:6d:5b:e3:4b:92:93:a0:80:f5:01: + 94:dc:f0:68:07:1e:cd:ee:fe:25:52:b5:20:43:1c: + 1b:fe:eb:19:ce:43:a3 + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Subject Key Identifier: + D1:22:DA:4C:59:F1:4B:5F:26:38:AA:9D:D6:EE:EB:0D:C3:FB:A9:61 + X509v3 Key Usage: critical + Digital Signature, Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: ecdsa-with-SHA384 + 30:64:02:30:27:ee:a4:5a:a8:21:bb:e9:47:97:94:89:a5:74: + 20:6d:79:4f:c8:bd:93:5e:58:18:fb:2d:1a:00:6a:c9:b8:3d: + d0:a4:4f:44:47:94:01:56:a2:f8:33:25:0c:42:df:aa:02:30: + 1d:ea:e1:2e:88:2e:e1:f9:a7:1d:02:32:4e:f2:9f:6c:55:74: + e3:ae:ae:fb:a5:1a:ee:ed:d2:fc:c2:03:11:eb:45:5c:60:10: + 3d:5c:7f:99:03:5b:6d:54:48:01:8a:73 +SHA1 Fingerprint=EC:8A:39:6C:40:F0:2E:BC:42:75:D4:9F:AB:1C:1A:5B:67:BE:D2:9A +-----BEGIN CERTIFICATE----- +MIICOjCCAcGgAwIBAgIQQvLM2htpN0RfFf51KBC49DAKBggqhkjOPQQDAzBfMQsw +CQYDVQQGEwJHQjEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMTYwNAYDVQQDEy1T +ZWN0aWdvIFB1YmxpYyBTZXJ2ZXIgQXV0aGVudGljYXRpb24gUm9vdCBFNDYwHhcN +MjEwMzIyMDAwMDAwWhcNNDYwMzIxMjM1OTU5WjBfMQswCQYDVQQGEwJHQjEYMBYG +A1UEChMPU2VjdGlnbyBMaW1pdGVkMTYwNAYDVQQDEy1TZWN0aWdvIFB1YmxpYyBT +ZXJ2ZXIgQXV0aGVudGljYXRpb24gUm9vdCBFNDYwdjAQBgcqhkjOPQIBBgUrgQQA +IgNiAAR2+pmpbiDt+dd34wc7qNs9Xzjoq1WmVk/WSOrsfy2qw7LFeeyZYX8QeccC +WvkEN/U0NSt3zn8gj1KjAIns1aeibVvjS5KToID1AZTc8GgHHs3u/iVStSBDHBv+ +6xnOQ6OjQjBAMB0GA1UdDgQWBBTRItpMWfFLXyY4qp3W7usNw/upYTAOBgNVHQ8B +Af8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAwNnADBkAjAn7qRa +qCG76UeXlImldCBteU/IvZNeWBj7LRoAasm4PdCkT0RHlAFWovgzJQxC36oCMB3q +4S6ILuH5px0CMk7yn2xVdOOurvulGu7t0vzCAxHrRVxgED1cf5kDW21USAGKcw== +-----END CERTIFICATE----- diff --git a/secure/caroot/trusted/Sectigo_Public_Server_Authentication_Root_R46.pem b/secure/caroot/trusted/Sectigo_Public_Server_Authentication_Root_R46.pem new file mode 100644 index 000000000000..e51aef002852 --- /dev/null +++ b/secure/caroot/trusted/Sectigo_Public_Server_Authentication_Root_R46.pem @@ -0,0 +1,134 @@ +## +## Sectigo Public Server Authentication Root R46 +## +## This is a single X.509 certificate for a public Certificate +## Authority (CA). It was automatically extracted from Mozilla's +## root CA list (the file `certdata.txt' in security/nss). +## +## It contains a certificate trusted for server authentication. +## +## Extracted from nss +## +## @generated +## +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 75:8d:fd:8b:ae:7c:07:00:fa:a9:25:a7:e1:c7:ad:14 + Signature Algorithm: sha384WithRSAEncryption + Issuer: C = GB, O = Sectigo Limited, CN = Sectigo Public Server Authentication Root R46 + Validity + Not Before: Mar 22 00:00:00 2021 GMT + Not After : Mar 21 23:59:59 2046 GMT + Subject: C = GB, O = Sectigo Limited, CN = Sectigo Public Server Authentication Root R46 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (4096 bit) + Modulus: + 00:93:be:d5:36:52:75:d8:01:23:a0:1c:47:42:49: + ee:63:b6:b7:21:fd:c4:95:d5:48:2b:26:7c:14:53: + 10:da:79:fd:2b:b7:2d:a4:d4:2c:fa:ea:32:dd:49: + c2:b9:bd:0f:48:3d:7b:5a:98:54:af:9e:5d:31:74: + 4f:07:fc:50:21:dd:a4:cf:68:4f:1b:12:63:6d:25: + 99:4c:2a:99:f3:48:30:61:fa:81:7c:1e:a7:08:4a: + dc:3e:2b:1c:1f:18:4c:71:aa:35:8c:ad:f8:6e:e8: + 3b:4a:d9:e5:94:02:d6:89:84:13:aa:6d:c8:4f:33: + cc:50:96:37:92:33:dc:5f:88:e7:9f:54:d9:48:f0: + 98:43:d6:66:fd:9f:17:38:43:c5:01:51:0b:d7:e3: + 23:0f:14:5d:5b:14:e7:4b:be:dd:f4:c8:da:03:37: + d1:d6:39:a1:21:51:30:83:b0:6d:d7:30:4e:96:5b: + 91:f0:70:24:ab:bf:45:81:64:43:0d:bd:21:3a:2f: + 3c:e9:9e:0d:cb:20:b5:42:27:cc:da:6f:9b:ee:64: + 30:90:39:cd:93:65:81:21:31:b5:23:50:33:37:22: + e3:38:ed:f8:31:30:cc:45:fe:62:f9:d1:5d:32:79: + 42:87:df:6a:cc:56:19:40:4d:ce:aa:bb:f9:b5:76: + 49:94:f1:27:f8:91:a5:83:e5:06:b3:63:0e:80:dc: + e0:12:55:80:a6:3b:66:b4:39:87:2d:c8:f0:d0:d1: + 14:e9:e4:0d:4d:0e:f6:5d:57:72:c5:3b:1c:47:56: + 9d:e2:d5:fb:81:61:8c:cc:4d:80:90:34:5b:b7:d7: + 14:75:dc:d8:04:48:9f:c0:c1:28:88:b4:e9:1c:ca: + a7:b1:f1:56:b7:7b:49:4c:59:e5:20:15:a8:84:02: + 29:fa:38:94:69:9a:49:06:8f:cd:1f:79:14:17:12: + 0c:83:7a:de:1f:b1:97:ee:f9:97:78:28:a4:c8:44: + 92:e9:7d:26:05:a6:58:72:9b:79:13:d8:11:5f:ae: + c5:38:62:34:68:b2:86:30:8e:f8:90:61:9e:32:6c: + f5:07:36:cd:a2:4c:6e:ec:8a:36:ed:f2:e6:99:15: + 44:70:c3:7c:bc:9c:39:c0:b4:e1:6b:f7:83:25:23: + 57:d9:12:80:e5:49:f0:75:0f:ef:8d:eb:1c:9b:54: + 28:b4:21:3c:fc:7c:0a:ff:ef:7b:6b:75:ff:8b:1d: + a0:19:05:ab:fa:f8:2b:81:42:e8:38:ba:bb:fb:aa: + fd:3d:e0:f3:ca:df:4e:97:97:29:ed:f3:18:56:e9: + a5:96:ac:bd:c3:90:98:b2:e0:f9:a2:d4:a6:47:43: + 7c:6d:cf + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 56:73:58:64:95:F9:92:1A:B0:12:2A:04:62:79:A1:40:15:88:21:49 + X509v3 Key Usage: critical + Digital Signature, Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha384WithRSAEncryption + 2f:5c:99:3c:fc:06:5e:8c:94:2e:70:ea:d2:32:31:8d:b4:f0: + 51:d5:bc:0a:f3:64:9f:07:5e:d5:c1:73:68:64:7a:a2:b9:0e: + e8:f9:5d:85:2d:a8:37:45:aa:28:f4:96:05:50:60:a9:49:7e: + 9f:e2:99:36:29:13:44:47:6a:9d:55:20:3c:d8:9b:f1:03:32: + ba:da:40:a1:73:ea:83:a1:b7:44:a6:0e:99:01:9b:e4:bc:7f: + be:13:94:7e:ca:a6:1e:76:80:36:3d:84:06:8b:33:26:65:6d: + ca:7e:9e:fe:1f:8c:58:38:7b:1a:83:b1:0f:bc:17:11:bb:e6: + 06:cc:63:fa:81:f2:81:4c:da:0b:10:6b:a1:fa:d5:28:a5:cf: + 06:40:16:ff:7b:7d:18:5e:39:12:a4:53:9e:7e:32:42:10:a6: + 21:91:a9:1c:4e:17:7c:84:bc:9f:8c:d1:e8:df:e6:51:b9:36: + 47:3f:90:b9:c7:bc:02:dc:5b:1c:4f:0e:48:c1:25:83:9c:0a: + 3f:9e:b1:03:33:12:1a:27:ac:f7:22:6c:24:d1:01:41:f8:58: + 03:fe:25:68:22:1f:9a:5a:3c:7c:6c:9e:75:48:f3:81:f1:66: + 67:6e:4c:82:c0:ee:ba:57:0e:18:ef:2e:9a:f7:12:d8:a0:6b: + e9:05:a5:a1:e9:68:f8:bc:4c:3f:12:1e:45:e8:52:c0:a3:bf: + 12:27:79:b9:cc:31:3c:c3:f6:3a:22:16:03:a0:c9:8f:66:a4: + 5b:a2:4d:d6:81:25:06:e9:76:a4:00:0a:3e:cb:cd:35:9b:e0: + e1:38:cb:60:53:86:28:42:41:1c:44:57:e8:a8:ad:ab:45:e3: + 25:10:bc:db:3e:65:41:fb:1b:a6:97:0f:eb:b9:74:79:f9:1e: + bc:1d:57:0d:47:af:c3:2f:9f:87:46:a7:eb:26:5a:0f:56:63: + b5:62:60:6e:00:fb:e3:27:11:22:e7:fe:99:8f:34:f5:b9:e8: + c3:91:72:bd:d8:c3:1e:b9:2e:f2:91:44:51:d0:57:cd:0c:34: + d5:48:21:bf:db:13:f1:66:25:43:52:d2:70:22:36:cd:9f:c4: + 1c:75:20:ad:63:72:63:06:0f:0e:27:ce:d2:6a:0d:bc:b5:39: + 1a:e9:d1:76:7a:d1:5c:e4:e7:49:49:2d:55:37:68:f0:1a:3a: + 98:3e:54:17:87:54:e9:a6:27:50:89:7b:20:2f:3f:ff:bf:a1: + 8b:4a:47:98:ff:2b:7b:49:3e:c3:29:46:60:18:42:ab:33:29: + ba:c0:29:b9:13:89:d3:88:8a:39:41:3b:c9:fd:a6:ed:1f:f4: + 60:63:df:d2:2d:55:01:8b +SHA1 Fingerprint=AD:98:F9:F3:E4:7D:75:3B:65:D4:82:B3:A4:52:17:BB:6E:F5:E4:38 +-----BEGIN CERTIFICATE----- +MIIFijCCA3KgAwIBAgIQdY39i658BwD6qSWn4cetFDANBgkqhkiG9w0BAQwFADBf +MQswCQYDVQQGEwJHQjEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMTYwNAYDVQQD +Ey1TZWN0aWdvIFB1YmxpYyBTZXJ2ZXIgQXV0aGVudGljYXRpb24gUm9vdCBSNDYw +HhcNMjEwMzIyMDAwMDAwWhcNNDYwMzIxMjM1OTU5WjBfMQswCQYDVQQGEwJHQjEY +MBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMTYwNAYDVQQDEy1TZWN0aWdvIFB1Ymxp +YyBTZXJ2ZXIgQXV0aGVudGljYXRpb24gUm9vdCBSNDYwggIiMA0GCSqGSIb3DQEB +AQUAA4ICDwAwggIKAoICAQCTvtU2UnXYASOgHEdCSe5jtrch/cSV1UgrJnwUUxDa +ef0rty2k1Cz66jLdScK5vQ9IPXtamFSvnl0xdE8H/FAh3aTPaE8bEmNtJZlMKpnz +SDBh+oF8HqcIStw+KxwfGExxqjWMrfhu6DtK2eWUAtaJhBOqbchPM8xQljeSM9xf +iOefVNlI8JhD1mb9nxc4Q8UBUQvX4yMPFF1bFOdLvt30yNoDN9HWOaEhUTCDsG3X +ME6WW5HwcCSrv0WBZEMNvSE6Lzzpng3LILVCJ8zab5vuZDCQOc2TZYEhMbUjUDM3 +IuM47fgxMMxF/mL50V0yeUKH32rMVhlATc6qu/m1dkmU8Sf4kaWD5QazYw6A3OAS +VYCmO2a0OYctyPDQ0RTp5A1NDvZdV3LFOxxHVp3i1fuBYYzMTYCQNFu31xR13NgE +SJ/AwSiItOkcyqex8Va3e0lMWeUgFaiEAin6OJRpmkkGj80feRQXEgyDet4fsZfu ++Zd4KKTIRJLpfSYFplhym3kT2BFfrsU4YjRosoYwjviQYZ4ybPUHNs2iTG7sijbt +8uaZFURww3y8nDnAtOFr94MlI1fZEoDlSfB1D++N6xybVCi0ITz8fAr/73trdf+L +HaAZBav6+CuBQug4urv7qv094PPK306Xlynt8xhW6aWWrL3DkJiy4Pmi1KZHQ3xt +zwIDAQABo0IwQDAdBgNVHQ4EFgQUVnNYZJX5khqwEioEYnmhQBWIIUkwDgYDVR0P +AQH/BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEMBQADggIBAC9c +mTz8Bl6MlC5w6tIyMY208FHVvArzZJ8HXtXBc2hkeqK5Duj5XYUtqDdFqij0lgVQ +YKlJfp/imTYpE0RHap1VIDzYm/EDMrraQKFz6oOht0SmDpkBm+S8f74TlH7Kph52 +gDY9hAaLMyZlbcp+nv4fjFg4exqDsQ+8FxG75gbMY/qB8oFM2gsQa6H61SilzwZA +Fv97fRheORKkU55+MkIQpiGRqRxOF3yEvJ+M0ejf5lG5Nkc/kLnHvALcWxxPDkjB +JYOcCj+esQMzEhonrPcibCTRAUH4WAP+JWgiH5paPHxsnnVI84HxZmduTILA7rpX +DhjvLpr3Etiga+kFpaHpaPi8TD8SHkXoUsCjvxInebnMMTzD9joiFgOgyY9mpFui +TdaBJQbpdqQACj7LzTWb4OE4y2BThihCQRxEV+ioratF4yUQvNs+ZUH7G6aXD+u5 +dHn5HrwdVw1Hr8Mvn4dGp+smWg9WY7ViYG4A++MnESLn/pmPNPW56MORcr3Ywx65 +LvKRRFHQV80MNNVIIb/bE/FmJUNS0nAiNs2fxBx1IK1jcmMGDw4nztJqDby1ORrp +0XZ60Vzk50lJLVU3aPAaOpg+VBeHVOmmJ1CJeyAvP/+/oYtKR5j/K3tJPsMpRmAY +QqszKbrAKbkTidOIijlBO8n9pu0f9GBj39ItVQGL +-----END CERTIFICATE----- diff --git a/secure/caroot/trusted/E-Tugra_Certification_Authority.pem b/secure/caroot/untrusted/E-Tugra_Certification_Authority.pem similarity index 100% rename from secure/caroot/trusted/E-Tugra_Certification_Authority.pem rename to secure/caroot/untrusted/E-Tugra_Certification_Authority.pem diff --git a/secure/caroot/trusted/E-Tugra_Global_Root_CA_ECC_v3.pem b/secure/caroot/untrusted/E-Tugra_Global_Root_CA_ECC_v3.pem similarity index 100% rename from secure/caroot/trusted/E-Tugra_Global_Root_CA_ECC_v3.pem rename to secure/caroot/untrusted/E-Tugra_Global_Root_CA_ECC_v3.pem diff --git a/secure/caroot/trusted/E-Tugra_Global_Root_CA_RSA_v3.pem b/secure/caroot/untrusted/E-Tugra_Global_Root_CA_RSA_v3.pem similarity index 100% rename from secure/caroot/trusted/E-Tugra_Global_Root_CA_RSA_v3.pem rename to secure/caroot/untrusted/E-Tugra_Global_Root_CA_RSA_v3.pem diff --git a/secure/caroot/trusted/Hongkong_Post_Root_CA_1.pem b/secure/caroot/untrusted/Hongkong_Post_Root_CA_1.pem similarity index 100% rename from secure/caroot/trusted/Hongkong_Post_Root_CA_1.pem rename to secure/caroot/untrusted/Hongkong_Post_Root_CA_1.pem